Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xMnd2LW0zcHEteHB2Oc4AAjx7
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Skytap Cloud CI Plugin stores credentials in job config.xml
files as part of its configuration.
While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by users with Extended Read permission.
Permalink: https://github.com/advisories/GHSA-q2wv-m3pq-xpv9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMnd2LW0zcHEteHB2Oc4AAjx7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 3.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-q2wv-m3pq-xpv9, CVE-2020-2157
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2157
- https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1522
- http://www.openwall.com/lists/oss-security/2020/03/09/1
- https://github.com/advisories/GHSA-q2wv-m3pq-xpv9
Affected Packages
maven:org.jenkins-ci.plugins:skytap
Affected Version Ranges: <= 2.07No known fixed version